Revision 32884e54
Added by Oleh Fedorenko over 1 year ago
app/controllers/api/v2/users_controller.rb | ||
---|---|---|
['compute_attributes']
|
||
|
||
before_action :find_optional_nested_object
|
||
skip_before_action :authorize, :only => [:extlogin]
|
||
before_action :authenticate, :only => [:extlogin]
|
||
|
||
api :GET, "/users/", N_("List all users")
|
||
api :GET, "/auth_source_ldaps/:auth_source_ldap_id/users", N_("List all users for LDAP authentication source")
|
||
... | ... | |
end
|
||
end
|
||
|
||
api :GET, "/users/extlogin", N_("Use to authenticate against external authentication source")
|
||
def extlogin
|
||
end
|
||
|
||
private
|
||
|
||
def find_resource
|
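Review bot: `extlogin` has an empty body and no comment, so nothing in this section tells a reader that the endpoint's whole effect comes from `before_action :authenticate, :only => [:extlogin]` while `:authorize` is skipped for it. I would add a comment above the action, e.g. `# Session is established by the :authenticate filter; :authorize is skipped on purpose, so keep this action free of data access.` Because this is a GET that creates a session for API use, it is worth confirming that the authentication path (not visible here) issues a fresh session id on success rather than reusing an existing one. It is also worth checking that whatever the action renders exposes no more than the caller's own account. The `private` section and `find_resource` continue outside the lines shown.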
config/routes/api/v2.rb | ||
---|---|---|
resources :table_preferences, :only => [:index, :create, :destroy, :show, :update]
|
||
resources :mail_notifications, :only => [:create, :destroy, :update]
|
||
get 'mail_notifications', :to => 'mail_notifications#user_mail_notifications', :on => :member
|
||
get 'extlogin', :to => 'users#extlogin', :on => :collection
|
||
end
|
||
end
|
||
|
test/unit/foreman/access_permissions_test.rb | ||
---|---|---|
"api/graphql/execute",
|
||
|
||
# ping
|
||
"api/v2/ping/ping"
|
||
"api/v2/ping/ping",
|
||
|
||
"api/v2/users/extlogin"
|
||
]
|
||
|
||
MAY_SKIP_AUTHORIZED = ["about/index", "react/index", "api/v2/ping/ping"]
|
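Review bot: Adding `"api/v2/users/extlogin"` to the list that ends just above `MAY_SKIP_AUTHORIZED` appears to exempt the endpoint from the permission-coverage check, yet the commit as shown adds no test that exercises the endpoint itself. A functional test asserting that a request without valid external credentials is rejected, and that a successful one yields a usable session, would keep this exemption from hiding a regression in the `authenticate` filter. The entry would also benefit from a marker comment like the existing `# ping`, e.g. `# extlogin - authenticated by the external source, no permission required`.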
Fixes #35473 - Add extlogin API endpoint
/users/extlogin endpoint is designed for UI interaction, thus
using this endpoint to create a session to be used via API will
fail with "Can't verify CSRF token authenticity" for any method
except GET. We need to have a separate endpoint to create a proper
session to be used via API.